• More than half of federal IT decision makers perceive IAM as enabling digital transformation, yet 85 percent of agencies still lack critical IAM capabilities
  • While nearly all surveyed agencies feel CDM has improved cybersecurity (97 percent), 94 percent face challenges that stand in the way of realizing its full benefit
  • Since the 2015 cybersecurity sprint, 94 percent of agencies report that their IAM efforts improving, but two in three admit there is still room for progress
  • Only 45 percent of agencies fully use the NIST framework, and more than half consider it only a guideline, not a mandate

ALISO VIEJO, Calif. – October 25, 2017 – One Identity, a leader in identity and access management (IAM) in government and beyond, released study results revealing a stark divide between agencies’ understanding of IAM’s benefits and real actions they’re taking to implement it. Findings show that while agencies recognize identity management’s critical role in digital transformation, they still face significant barriers to actual implementation. Further, data clearly demonstrates that agencies still don’t fully utilize IAM despite the federal government’s increasingly proactive stance toward cybersecurity via mandates such as the Cybersecurity Executive Order and remain severely handicapped by challenges in adopting the CDM.

Agencies Crippling Their own Digital Transformation

More than half (58 percent) of federal IT decision makers that responded to this survey recognize IAM as a digital transformation enabler, and understand IAM is a catalyst for more efficient, agile and secure IT. Yet 85 percent report that their agency still lacks essential IAM capabilities. Forty five percent even note that their agency is still lacking multi-factor authentication capabilities, pointing to a clear deficiency in IAM implementation.

CDM Program Implementation Still Facing Significant Challenges

The Congress-established CDM (Continuous Diagnostics and Mitigation) program, designed to protect federal agency networks, systems and data from unauthorized access or disruption, has apparently not had the intended impact. In fact, 94 percent of respondents report that they face challenges that limit the potential of CDM. Challenges include:

  • Budget constraints preventing implementation (52 percent)
  • Lack of staff expertise of the CDM capabilities and tools (45 percent)
  • Lack of alignment with, or support of, current tools such as Active Directory (37 percent), which exposes them to heightened risk and increased vulnerability.

 Substantial Improvement Needed in Existing Federal Cyber Frameworks

Since the 2015 cybersecurity sprint two in three respondents (64 percent) still feel they can improve, with more than a third (38 percent) admitting they can improve significantly.

Similarly, while most respondents (91 percent) cited that their agencies are using the National Institute of Standards and Technology (NIST) Cybersecurity Framework only 45 percent are using it fully. Furthermore, more than half (52 percent) admit that their agency uses the NIST framework only as a best practices guideline, rather than a mandate.

“Our data shines light on a significant gap between the understanding of IAM and actually taking advantage of it among federal agencies, the organizations that should be the first to embrace solutions and practices that protect their critical data while fostering an effective transformation to digital workspaces,” said John Milburn, president and general manager, One Identity. “It was eye opening, to say the least, to find out that while the government has worked to establish strict mandates and guidelines aimed at helping protect and enable these organizations so critical to our productivity and well-being, they have clearly met obvious challenges in implementing needed IAM practices and technologies, placing the spotlight on an issue that can no longer be ignored.”

Though it is impossible to completely predict what lies ahead in IT, federal agencies are increasingly aware of the risks they face and should make stronger efforts in taking a proactive security stance today to prevent attacks tomorrow. For more information on how One Identity can help agencies take a modular and integrated approach to addressing these issues: https://www.oneidentity.com/solutions/iam-for-government/


The One Identity Study consisted of an online survey conducted by Dimensional Research of IT professionals with responsibility for IT security as a major part of their job and were very knowledgeable about IAM. A total of 100 individuals in U.S. federal agencies completed the survey.


One Identity, a Quest Software business, helps organizations get identity and access management (IAM) right. With a unique combination of offerings including a portfolio of identity governance, access management and privileged management, and identity as a service that help organizations reach their full potential, unimpeded by security yet safeguarded against threats. One Identity has proven to be a company unequalled in its commitment to its customers’ long-term IAM success. More than 7,500 customers worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their data -- wherever it might reside. For more information, visit http://www.oneidentity.com.


Media contacts

Jennifer Bernas

One Identity AR/PR

Mobile: 858-886-6443

Email: Jennifer.bernas@oneidentity.com


Megan Rufty

Sage Communications
Direct: 703-533-4833
Mobile: 240-315-8312
Email: mrufty@aboutsage.com

Related Content